Secure email has struggled with significant obstacles to adoption, among them the low usability of encryption software and the cost and overhead of obtaining public key certificates. Key continuity management (KCM) has been proposed as a way to lower these barriers to adoption, by making key generation, key management, and message signing essentially automatic. We present the first user study of KCM-secured email, conducted on naïve users who had no previous experience with secure email. Our secure email prototype, CoPilot, color-codes messages depending on whether they were signed and whether the signer was previously known or unknown. This interface makes users significantly less susceptible to social engineering attacks overall, but new-identity attacks (from email addresses never seen before) are still effective. Also, naïve users do use the Sign and Encrypt button on the Outlook Express toolbar when the situation seems to warrant it, even without explicit instruction, although some falsely hoped that Encrypt would protect a secret message even when sent directly to an attacker. We conclude that KCM is a workable model for improving email security today, but work is needed to alert users to "phishing" attacks.